Under consideration for publication in Theory and Practice of Logic Programming 






A Simple Correctness Proof 
for Magic Transformation 

Włodzimierz Drabent

Institute of Computer Science, Polish Academy of Sciences,
ul. Ordona 21, Pl - 01-237 Warszawa, Poland
and

Linköpings universitet, Department of Computer and Information Science
S - 581 83 Linköping, Sweden
(e-mail: drabent at ipipan dot waw dot pl)

submitted 21 December 2009; revised 7 August 2010; accepted ? 



Abstract 

The paper presents a simple and concise proof of correctness of the magic transformation. 
We believe it may provide a useful example of formal reasoning about logic programs. 

The correctness property concerns the declarative semantics. The proof, however, refers 
to the operational semantics (LD-resolution) of the source programs. Its conciseness is due 
to applying a suitable proof method. 
1 Introduction

Magic transformation (see (Nilsson and Małuszyński 1995, Chapter 15.3) for references)
is a technique to facilitate efficient bottom-up evaluation of logic programs.
Given a program and an initial goal, the transformation produces a so-called magic
program; the answers of both programs for the initial goal should be the same.
Looking for a correctness proof of magic transformation I found that such a proof
was rather easy to construct. Moreover the result turned out to be surprisingly
concise. In this note I present the proof with all the details. I believe it provides a
useful example of formal reasoning about logic programs.



Mascellani and Pedreschi (2002) stated that "all known proofs of correctness
of the magic-sets transformation(s) are rather complicated" (see (Ramakrishnan
1991) for an example), and presented a simpler proof, which concerns the declarative
semantics of the original and transformed programs. Our proof is maybe even
simpler; moreover it formalizes the relation between the declarative semantics of
the transformed program and the operational semantics of the original one. The
simplification is due to applying a suitable proof method for program correctness,
instead of constructing a proof from scratch.
2 Preliminaries

For standard notions and notation see (Apt 1997). We consider definite clause
programs (not restricted to Datalog). By a query we mean a conjunction of atoms.
Given a program $P$, by an answer (or correct answer) we mean any query $Q$ which
is a logical consequence of the program ($P \models Q$). If an answer is an instance of
some initial query $Q_0$ then we say that it is an answer for $P$ and $Q_0$. By a computed
answer for a program $P$ and initial query $Q_0$, we mean an instance $Q_0\theta$ of $Q_0$,
produced by a successful SLD-derivation for $P$ and $Q_0$.¹ A fundamental theorem
relates answers and computed answers:

Theorem 1 (Soundness and completeness of SLD-resolution)
For any program $P$, any query $Q$, and any selection rule:
If $Q$ is a computed answer for $P$ then $P \models Q$.

If $P \models Q\theta$ then there exists a computed answer $Q\sigma$ for $P$ and $Q$, such that $Q\theta$
is an instance of $Q\sigma$.²

A proof tree (called sometimes implication tree or derivation tree) for a program
$P$ and an atomic query $A$ is a finite tree whose nodes are atoms, the root is $A$, and
in which if $B_1, \ldots, B_n$ ($n \ge 0$) are the children of a node $H$ then $H \leftarrow B_1, \ldots, B_n$
is an instance of a clause of $P$. Proof trees provide a useful characterization of logic
program answers:

Theorem 2 

For any program $P$ and query $Q$, $P \models Q$ iff for each atom $A$ of $Q$ there exists a
proof tree for $P$ and $A$.



The theorem follows immediately from (Apt 1997, Th. 4.24(v)). The latter is attributed
to (Clark 1979) in (Deransart 1993, Proposition 2.6).



We focus on LD-resolution (SLD-resolution with the Prolog selection rule) and 
will study the sets of procedure calls and procedure successes in LD-derivations. The 
procedure calls are the atoms selected in the derivation. A definition of procedure 
successes is given in Appendix A. For the proof of the main theorem of this paper
it is sufficient to know that any computed answer for an initial atomic query is a 
procedure success. 

Consider a pair $\langle \mathit{pre}, \mathit{post} \rangle$ of sets of atoms, each closed under substitution. We
can treat such a pair as a specification of procedure calls and successes of a program
(a call-success specification).

Definition 1

We say that a program $P$ with a query $Q$ is correct w.r.t. a call-success specification
$\langle \mathit{pre}, \mathit{post} \rangle$ iff in any LD-derivation for $P$ and $Q$ all the procedure calls are in $\mathit{pre}$
and all the successes in $\mathit{post}$.



¹ In (Apt 1997) answers are also called correct instances of initial queries, and computed answers
are called computed instances.

² For a proof see e.g. (Apt 1997, Th. 4.4, 4.13).






Notice that such correctness is not a declarative property, as it depends on a particular
operational semantics. We will use the following sufficient criterion for correctness
(Drabent and Miłkowska 2005). (See Concluding Remarks for discussion
and references, and Appendix A for a proof.)



Theorem 3 

Assume that for a call-success specification $\langle \mathit{pre}, \mathit{post} \rangle$, a program $P$, and an atomic
query $Q \in \mathit{pre}$ the following holds:

For each (possibly non-ground) instance $H \leftarrow B_1, \ldots, B_n$ ($n \ge 0$) of each clause
of $P$

if $H \in \mathit{pre}$, $B_1, \ldots, B_n \in \mathit{post}$ then $H \in \mathit{post}$,

if $H \in \mathit{pre}$, $B_1, \ldots, B_{i-1} \in \mathit{post}$ then $B_i \in \mathit{pre}$ (for $i = 1, \ldots, n$).
Then $P$ with $Q$ is correct w.r.t. $\langle \mathit{pre}, \mathit{post} \rangle$.

For a non-atomic initial query the requirement $Q \in \mathit{pre}$ has to be generalized
to: for each instance $B_1, \ldots, B_n$ ($n > 0$) of the query, if $B_1, \ldots, B_{i-1} \in \mathit{post}$ then
$B_i \in \mathit{pre}$ (for $i = 1, \ldots, n$).

It remains to define the magic transformation. It adds new predicate symbols to
the alphabet $\mathcal{L}$ of programs and queries; for each predicate symbol $p$, the unique
new symbol ${}^{\bullet}p$ is added. In a simple version, for instance that of (Nilsson and
Małuszyński 1995), the arity of ${}^{\bullet}p$ is that of $p$. In the general case, some $k_p$ argument
positions of $p$ are selected, and the arity of ${}^{\bullet}p$ is $k_p$. (We do not discuss the choice
of $k_p$ and of the selected positions, as it is irrelevant for the correctness of magic
transformation.) Let ${}^{\bullet}P$ denote the set of new predicate symbols. If $A = p(t_1, \ldots, t_n)$
is an atom over $\mathcal{L}$ then ${}^{\bullet}A$ denotes ${}^{\bullet}p(t_{i_1}, \ldots, t_{i_{k_p}})$, where $i_1, \ldots, i_{k_p}$ are the selected
positions of $p$. Such an ${}^{\bullet}A$ is called a magic template. In what follows $A$, $B$, $H$, possibly
with subscripts, denote atoms over $\mathcal{L}$. (Hence ${}^{\bullet}A$, ${}^{\bullet}B$, ${}^{\bullet}H$ stand for atoms with the
new predicate symbols.)

Definition 2 (Magic transformation) 

Let $P$ be a program and $Q$ an atomic query. The magic program $\mathit{magic}(P, Q)$ for
$P$ and $Q$ is the program containing

1. a clause $H \leftarrow {}^{\bullet}H, B_1, \ldots, B_n$ for each clause $H \leftarrow B_1, \ldots, B_n$ in $P$,

2. a clause ${}^{\bullet}B_i \leftarrow {}^{\bullet}H, B_1, \ldots, B_{i-1}$ for each clause $H \leftarrow B_1, \ldots, B_n$ in $P$ and
each $i = 1, \ldots, n$,

3. the clause ${}^{\bullet}Q \leftarrow$.
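
Definition 2 can be exercised on a small Datalog program. The following Python sketch is an added example, not code from the paper: it builds the magic program clause by clause and compares the bottom-up answers for the query in both programs. The `m_` prefix for the new predicate symbols, the `SELECTED` argument positions and the sample graph are assumptions made for this illustration.

```python
# Added illustration: atoms are (pred, args) tuples; variables start with an uppercase letter.
SELECTED = {"path": [0], "edge": [0]}   # assumed choice of selected positions (k_p = 1)

def magic_atom(atom):
    """Magic template of an atom: new predicate 'm_p' over the selected positions of p."""
    pred, args = atom
    return ("m_" + pred, tuple(args[i] for i in SELECTED[pred]))

def magic(program, query):
    """Build the magic program clause by clause, following the three cases of Definition 2."""
    out = []
    for head, body in program:
        out.append((head, [magic_atom(head)] + body))                    # case 1
        for i, b in enumerate(body):
            out.append((magic_atom(b), [magic_atom(head)] + body[:i]))   # case 2
    out.append((magic_atom(query), []))                                  # case 3
    return out

def match(atom, fact, env):
    """Extend env so that atom under env equals the ground fact; None if impossible."""
    if atom[0] != fact[0] or len(atom[1]) != len(fact[1]):
        return None
    env = dict(env)
    for t, v in zip(atom[1], fact[1]):
        if t[:1].isupper():                      # t is a variable
            if env.setdefault(t, v) != v:
                return None
        elif t != v:                             # t is a constant
            return None
    return env

def least_model(program):
    """Naive bottom-up evaluation; assumes range-restricted (safe) Datalog clauses."""
    facts = set()
    while True:
        new = set()
        for head, body in program:
            envs = [{}]
            for b in body:
                envs = [e2 for e in envs for f in facts
                        if (e2 := match(b, f, e)) is not None]
            new |= {(head[0], tuple(e.get(t, t) for t in head[1])) for e in envs}
        if new <= facts:
            return facts
        facts |= new

def answers(model, query):
    """Ground instances of the query that belong to the model."""
    return {f for f in model if match(query, f, {}) is not None}

# Constructed sample program P: two disconnected chains a-b-c and x-y-z.
EDGES = [("a", "b"), ("b", "c"), ("x", "y"), ("y", "z")]
P = [(("edge", e), []) for e in EDGES] + [
    (("path", ("X", "Y")), [("edge", ("X", "Y"))]),
    (("path", ("X", "Y")), [("edge", ("X", "Z")), ("path", ("Z", "Y"))]),
]
Q = ("path", ("a", "Y"))
M_P, M_MAGIC = least_model(P), least_model(magic(P, Q))
print(sorted(answers(M_MAGIC, Q)))
```

Both models give the same answers for the query, while the magic program never derives facts about the chain x-y-z; its `m_path` facts record the first arguments with which `path` is called.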



3 The proof 

Now we are ready to prove correctness of the magic transformation. The required 
property is that both programs have the same answers for Q. Our proof consists of 
two lemmas (inclusion in two directions). Moreover, the second lemma formalizes 
the main intuition behind the transformation: program $\mathit{magic}(P, Q)$ describes the
sets of procedure calls and successes in computations of program $P$ and query $Q$,
under the Prolog selection rule. In the lemmas, $P$ is a program and $Q$ is an atomic
query, both over $\mathcal{L}$.
Lemma 1

For any query $R$ over $\mathcal{L}$, if $\mathit{magic}(P, Q) \models R$ then $P \models R$.

PROOF: Consider a proof tree $T$ for $\mathit{magic}(P, Q)$ and $A$, where $A$ is an atom from
$R$. Removing from $T$ each atom ${}^{\bullet}B$ results in (a set of trees containing) a proof tree
for $P$ and $A$. Thus by Th. 2, if $\mathit{magic}(P, Q) \models R$ then $P \models R$. □

Lemma 2 

$P$ with $Q$ is correct w.r.t. a call-success specification $\langle \mathit{pre}, \mathit{post} \rangle$ given by

$\mathit{pre} = \{\, A \mid \mathit{magic}(P, Q) \models {}^{\bullet}A \,\}$,
$\mathit{post} = \{\, A \mid \mathit{magic}(P, Q) \models A \,\}$.

In particular, each computed answer $Q\theta$ for $P$ and $Q$ is in $\mathit{post}$.

PROOF (outline): Notice that the magic program is an encoding of the correctness
conditions from Th. 3. □
PROOF (detailed): The magic program contains ${}^{\bullet}Q$, hence $Q \in \mathit{pre}$. Consider
an instance $(H \leftarrow B_1, \ldots, B_n)\theta$ of a clause of $P$. Assume that $H\theta \in \mathit{pre}$ and
$B_1\theta, \ldots, B_{i-1}\theta \in \mathit{post}$ ($0 < i \le n + 1$). Then $\mathit{magic}(P, Q) \models {}^{\bullet}H\theta, B_1\theta, \ldots, B_{i-1}\theta$.
If $i = n + 1$ then $\mathit{magic}(P, Q) \models H\theta$ (by the clause from case 1 of Def. 2). If $i \le n$
then $\mathit{magic}(P, Q) \models {}^{\bullet}B_i\theta$ (by the clause from case 2 of Def. 2). Thus the sufficient
condition for correctness (from Th. 3) is satisfied. □

Corollary 1 

If $P \models Q\sigma$ then $\mathit{magic}(P, Q) \models Q\sigma$.

PROOF: By completeness of LD-resolution, $Q\sigma$ is an instance of a computed answer
$Q\theta$ for $P$ and $Q$. By Lemma 2, $Q\theta \in \mathit{post}$. Hence $Q\sigma \in \mathit{post}$. □

From Lemma 1 and the corollary it immediately follows:

Theorem 4 (Correctness of the transformation)

Let $P$ be a program, $Q$ an atomic query, and $\theta$ a substitution. Then

$P \models Q\theta$ iff $\mathit{magic}(P, Q) \models Q\theta$.

In other words, programs $P$ and $\mathit{magic}(P, Q)$ have the same sets of answers for $Q$.
Hence by Th. 1 any computed answer for $P$, $Q$ is an instance of a computed answer
for $\mathit{magic}(P, Q)$, $Q$; and any computed answer for $\mathit{magic}(P, Q)$, $Q$ is an instance
of a computed answer for $P$, $Q$. The correctness is sometimes expressed in a less
general way, as in the corollary below (which follows immediately from Th. 4).

Corollary 2 

$M_P \cap [Q] = M_{\mathit{magic}(P,Q)} \cap [Q]$, where $M_P$ denotes the least Herbrand model of $P$,
and $[Q]$ the set of ground instances of $Q$.
Variants of magic transformation. The reader is encouraged to check that the
proof is also valid for a class of magic transformations, characterized as follows: 1. in
a clause $H \leftarrow {}^{\bullet}H, \ldots$ from case 1 of Def. 2 the body atom ${}^{\bullet}H$ may be removed;
2. some body atom(s) from a clause ${}^{\bullet}B_i \leftarrow \ldots$ (Def. 2, case 2) may be removed
(Nilsson and Małuszyński 1995).

In some approaches (e.g. (Beeri and Ramakrishnan 1991)), an atom ${}^{\bullet}B_i$ may be
added to the body of a magic program clause, when the body contains $B_i$. Such a
program is logically equivalent to $\mathit{magic}(P, Q)$, thus our correctness theorem holds
also for this case.³



An important class of magic transformations employs adornments (see e.g. (Ramakrishnan
1991; Beeri and Ramakrishnan 1991)). The original program $P$ is transformed
into an adorned program $P^{ad}$, by renaming predicate symbols into fresh ones.
(We omit the details of the transformation.) A symbol $p$ may be renamed into more
than one symbol; thus several renamings of a clause $C \in P$ may appear in $P^{ad}$.
Similarly, the query $Q$ is transformed into Q (by applying a selected renaming of its
predicate symbol). The two programs are equivalent in the sense that $P \models Q\theta$ iff
$P^{ad} \models Q\theta$. The new magic program is obtained by applying the magic transformation
from Def. 2 to the adorned program: $\mathit{magic}'(P, Q) = \mathit{magic}(P^{ad}, Q)$. From Th. 4
we obtain⁴ correctness of this magic transformation: $P \models Q\theta$ iff $\mathit{magic}'(P, Q) \models Q\theta$.



4 Concluding remarks 

We first outline some other correctness proofs of magic transformation. Then we 
discuss the method of Th. 3 used in our proof.



Mascellani and Pedreschi (2002) prove the equivalence $M_P \cap [Q] = M_{\mathit{magic}(P,Q)} \cap [Q]$
of Corollary 2. The proof employs Herbrand interpretations. In particular it
studies the intersection of the least Herbrand models (of $\mathit{magic}(P, Q)$ and of $P$)
with a Herbrand interpretation J, which is related to the set $\mathit{pre}$ of Lemma 2.



The main part of the proof of (Ramakrishnan 1991, Th. 5.1), corresponding to
proving Corollary 1, is based on constructing a proof tree for $\mathit{magic}(P, Q)$ and $Q$,
whenever a proof tree for $P$ and $Q$ exists. The proof is by induction on the tree
for $P$. The inductive step considers an instance $Q \leftarrow {}^{\bullet}Q, B_1, \ldots, B_n$ of a clause
of $\mathit{magic}(P, Q)$. By the inductive assumption, there exist trees for $\mathit{magic}(P, B_i)$
and $B_i$. To construct trees for $\mathit{magic}(P, Q)$ and each $B_i$, one needs to show that
$\mathit{magic}(P, Q) \models {}^{\bullet}B_i$. This is done by induction on $i$. The correctness proof of (Beeri
and Ramakrishnan 1991) is similar.

³ To show the equivalence, let $P'$ be the program $\mathit{magic}(P, Q)$ modified as described. Any clause
of $P'$ can be seen as $C' = A \leftarrow {}^{\bullet}H, B_1, \ldots, B_{i-1}, F$, where $C = A \leftarrow {}^{\bullet}H, B_1, \ldots, B_{i-1}$ is a
clause of $\mathit{magic}(P, Q)$, and $F$ is a possibly empty conjunction of some literals of the form ${}^{\bullet}B_j$
($j < i$). Formula $C \rightarrow C'$ is a tautology, hence $\mathit{magic}(P, Q) \models P'$.

To show $P' \models \mathit{magic}(P, Q)$, we prove by induction on $i$ that $P' \models C$, for each clause
$C \in \mathit{magic}(P, Q)$ as above. For $i = 1$, $C = C' \in P'$, as $F$ is empty. For the inductive
step, assume without loss of generality that $F$ is a single atom ${}^{\bullet}B_j$. There is a clause
$C_{B_j} = {}^{\bullet}B_j \leftarrow {}^{\bullet}H, B_1, \ldots, B_{j-1}$ in $\mathit{magic}(P, Q)$, where $j < i$. By the inductive assumption,
$P' \models C_{B_j}$. Also, $P' \models C'$. Formula $(C_{B_j} \wedge C') \rightarrow C$ is a tautology (e.g. apply the resolution
principle w.r.t. $F$ to $C_{B_j}$ and $C'$). Thus $P' \models C$.

⁴ The proof is: $P \models Q\theta$ iff $P^{ad} \models Q\theta$ iff (by Th. 4) $\mathit{magic}(P^{ad}, Q)$.



An important intuition about the magic transformation, and a motivation for 
introducing it, seems to be the correspondence between the magic program and 
the calls and successes of the original one. This correspondence is neglected in the 
aforementioned proofs. In contrast, we formalize it as Lemma 2, and it is a core of
our proof. 

Nilsson (1995) presented a concise proof of a property related to Lemma 2 and
Th. 4. He showed correspondence between the declarative semantics⁵ of $\mathit{magic}(P, Q)$
and the collecting top down abstract interpretation of $P$ with $Q$. The latter provides
supersets of the set of calls and the set of successes in LD-derivations. So the main
idea is similar to that of our proof, however the notion of abstract interpretation is
additionally employed.

The main reason for conciseness of the proof of Th. 4 was employing the correctness
proof method of Th. 3 (Drabent and Miłkowska 2005, Section 3.2). The method
deals with properties of LD-derivations. Such a property may be non-declarative
(i.e. inexpressible by means of the declarative semantics). The sufficient condition
from Th. 3 was initially proposed by Bossi and Cocco (1989), and is a central concept
of (Apt 1997, Chapter 8). (Programs/queries satisfying the condition are called
there well-asserted.) Formally, Th. 3 is stronger than the corresponding results in
(Bossi and Cocco 1989), or (Apt 1997), as they do not deal with calls and successes,
or, respectively, with successes in the derivations.⁶ So we give its proof in
the Appendix.

The method of Th. 3 is a special case of that of (Drabent and Małuszyński 1988).⁷
The main difference is that call-success specifications in (Drabent and Małuszyński
1988) are not required to be closed under substitution. Other correctness proof
methods for non-declarative properties, with specifications not necessarily closed
under substitution, are presented in (Colussi and Marchiori 1991; Drabent 1997).

Often we are interested in declarative properties of programs. For such properties 
a simpler proof method exists, usually attributed to (Clark 1979). We illustrate that
method in Appendix B by another proof of Corollary 1. The reader is referred to
(Drabent and Miłkowska 2005, Sections 3.1, 3.2) for a presentation, further references,
and for a comparison with methods dealing with non-declarative properties.



Appendix A 

Here we present a formal definition of procedure calls and successes, and a soundness 
proof for the method of proving programs correct w.r.t. call-success specifications 
(Th. 3). The definition follows that of (Drabent and Małuszyński 1988).



⁵ More precisely, the s-semantics (Bossi et al. 1994).

⁶ Thus the proof method of (Apt 1997, Chapter 8) is insufficient to obtain Lemma 2. However
it can be used to obtain a weaker lemma, stating that the computed answers are in $\mathit{post}$. Such a
lemma is sufficient to derive Th. 4.

⁷ In (Apt and Marchiori 1994) it is shown that the sufficient condition of Th. 3 is a special case
of that of (Drabent and Małuszyński 1988).
Definition 3 (Calls and successes)

Let $Q_0, Q_1, Q_2, \ldots$ be the sequence of queries and $\theta_1, \theta_2, \ldots$ the sequence of mgu's
of an LD-derivation $\mathcal{D}$. Let $\theta_{i,j} = \theta_{i+1} \cdots \theta_j$ for $i < j$.

An atom $A$ is a procedure call in $\mathcal{D}$ iff $A$ is the first atom of some $Q_i$ ($Q_i = A, B$).

An atom $A'$ is a procedure success (of a call $A$) in $\mathcal{D}$ iff

- $Q_i = A, B$ for some $i \ge 0$,

- $Q_j = B\theta_{i,j}$ for some $j > i$,

- and $A' = A\theta_{i,j}$ for the least such $j$.

Notice that if $A'$ is a success of a procedure call $A$ (in an LD-derivation for a program
$P$) then $A'$ is a computed answer for $A$ (and $P$). The corresponding successful
derivation for $A$ can be constructed out of the queries $Q_i, \ldots, Q_j$ as above, by
removing $B\theta_{i,l}$ from each query $Q_l = Q'_l, B\theta_{i,l}$, for $l = i, \ldots, j$ (where $\theta_{i,i}$ stands for
$\epsilon$, and $Q'_i = A$).

PROOF of Theorem 3: Assume that the conditions of the theorem are satisfied,
and consider an LD-derivation for $P$ and $Q$. By (Apt 1997, Corollary 8.8), each
procedure call in the derivation is in $\mathit{pre}$.

As explained above, each procedure success $A'$ of a call $A$ is a computed answer
for $A$. By (Apt 1997, Corollary 8.9) the computed answer is in $\mathit{post}$. □



Appendix B Declarative proof of Corollary 1

The proof method (Clark 1979) is based on a property that, given an interpretation
$I$, if $I \models P$ then $I \models Q$ for each answer $Q$ of a program $P$. Such $I$ is treated as a
specification; $I \models P$ is a sufficient condition for correctness of $P$ w.r.t. $I$.



We will use term interpretations (Apt 1997, Section 4.4); their interpretation
domain is the set of all the terms (of the given language). Ground terms are interpreted
as themselves. A valuation for variables is a substitution. Under a valuation
$\eta$, a term $t$ is interpreted as $t\eta$. An interpretation is (represented as) a set of atoms.
An atom $A$ is true in an interpretation $I$ under a valuation $\eta$ iff $A\eta \in I$. Thus
$I \models A$ iff each instance of $A$ is in $I$. For a clause $C = H \leftarrow B_1, \ldots, B_n$ we have:
$I \models H \leftarrow B_1, \ldots, B_n$ iff $B_1\eta, \ldots, B_n\eta \in I$ implies $H\eta \in I$ for each instance $C\eta$
of $C$.

PROOF (of Corollary 1): Let us abbreviate $\mathit{MP} = \mathit{magic}(P, Q)$. As a specification
for $P$ we take the interpretation

$I = \{\, A \mid A \text{ is an atom},\ \mathit{MP} \not\models {}^{\bullet}A \text{ or } \mathit{MP} \models A \,\}$.



Obviously: 



If $A \in I$ then $\mathit{MP} \models {}^{\bullet}A$ implies $\mathit{MP} \models A$. (B1)



We show $I \models P$ (hence $P$ is correct w.r.t. $I$). Let $H \leftarrow B_1, \ldots, B_n \in P$.
Assume $B_1\eta, \ldots, B_n\eta \in I$. We have to show that $H\eta \in I$. Notice first that
$\mathit{MP} \models {}^{\bullet}H\eta$, $\mathit{MP} \models B_1\eta$, ..., $\mathit{MP} \models B_{i-1}\eta$ imply $\mathit{MP} \models {}^{\bullet}B_i\eta$ (by a clause of
$\mathit{MP}$ from case 2 of Def. 2), and hence $\mathit{MP} \models B_i\eta$, by (B1). By simple induction we
obtain that $\mathit{MP} \models {}^{\bullet}H\eta$ implies $\mathit{MP} \models B_1\eta$, ..., $\mathit{MP} \models B_n\eta$, and thus it implies
$\mathit{MP} \models H\eta$ (by the clause from case 1 of Def. 2). If $\mathit{MP} \not\models {}^{\bullet}H\eta$ then $H\eta \in I$ (by the
definition of $I$). Otherwise, by the implication above, $\mathit{MP} \models H\eta$; thus $H\eta \in I$.

By the assumption of the Corollary, $Q\sigma$ is an answer for $P$. Thus from $I \models P$ it
follows that $I \models Q\sigma$, hence $Q\sigma \in I$. As $\mathit{MP} \models {}^{\bullet}Q\sigma$, we have $\mathit{MP} \models Q\sigma$. □